TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-05-09 03:04:24 +02:00
Code Issues Packages Projects Releases Wiki Activity
31,870 Commits 179 Branches 280 Tags
b6ad19b2b8bc8ab6281ceb3a77d29dd44c348245
Commit Graph

31870 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Manuel Pégourié-Gonnard
b6ad19b2b8 Merge pull request #9976 from mpg/defragment-ext-test-3.6 
Defragment ext test 3.6
 2025-03-17 11:44:28 +00:00
Manuel Pégourié-Gonnard
d3ca688b4b Merge pull request #10064 from davidhorstmann-arm/update-3.0-migration-guide-3.6 
[Backport 3.6] Update the 3.0 migration guide
 2025-03-14 13:28:49 +00:00
David Horstmann
20220f09b4 Reword slightly to be more tentative 
We don't guarantee ABI stability, but we do try to maintain it where we
can.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2025-03-14 10:51:22 +00:00
Gilles Peskine
c03cd1124c Merge pull request #10025 from waleed-elmelegy-arm/mbedtls-3.6-fix-key-deriv-bad-state-error 
Backport 3.6: Fix psa_key_derivation_input_integer() not detecting bad state
 2025-03-14 10:11:40 +00:00
Manuel Pégourié-Gonnard
43a04e7640 Re-introduce log asserts on positive cases 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
8476c38b21 Improve a test assertion 
That way if it ever fails it will print the values.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
29073e3a00 Fix a typo 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
b59caea309 Add test cases for EOF in the middle of fragments 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
4712b3e6b8 Adjust logic around log pattern 
This is more flexible: the test data gets to decide whether we want to
assert the presence of a pattern or not.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
d2197afa37 Add test for length larger than 2^16 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
8577510009 Adapt "large ClientHello" tests to incremental 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
c6cf7e5b19 Cleanly reject non-HS in-between HS fragments 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
051b1e21d6 Reduce the level of logging used in tests 
This should avoid running into a bug with printf format specifiers one
windows.

It's also a logical move for actual tests: I used the highest debug
level for discovery, but we don't need that all the time.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
adad47634e Move new tests to their own data file 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
996c4c00a6 Fix dependency issues 
Declare the same dependencies as for the previous TLS 1.3 tests, except
for part that varies with the cipher suite (ie AES-GCM).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
6b25c504e1 New test function for large ClientHello 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
89cc61a9fa Fix hash dependencies for TLS 1.2 tests 
We're not sending a signature_algorithm extension, which means SHA-1.

Caught by depends.py hashes

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
2b1ec8f63e Fix curve dependencies 
In addition to secp256r1 for the handshake, we need secp384r1 as it's
used by the CA certificate.

Caught by depends.py curves

Also, for the "unknown ciphersuite" 1.2 test, use the same key type and
all the same dependencies as of the "good" test above, to avoid having
to determine a second set of correct dependencies just for this one.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
428ce0aff9 Add missing dependency declaration 
This guards the definition of mbedtls_test_ssl_endpoint which we rely
on, so the function won't compile without it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
3a7f1d229b Fix dependency issues 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
31253cdafd Add test with non-HS record in-between HS fragments 
Two of these tests reveal bugs in the code, so they're commented out for
now.

For the other tests, the high-level behaviour is OK (break the
handshake) but the details of why are IMO not good: they should be
rejected because interleaving non-HS record between HS fragments is not
valid according to the spec.

To be fixed in future commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
bde37cedde Add test to TLS 1.3 ClientHello fragmentation 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
ba71610fa3 Add reference tests with 1.3 ClientHello 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
f83bc798e1 Add supported_curves/groups extension 
This allows us to use a ciphersuite that will still be supported in 4.0.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard
00ad6f6b03 New test function inject_client_content_on_the_wire() 
Not used for real stuff so far, just getting the tooling in place.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-14 09:21:59 +01:00
Gilles Peskine
0ed5cb8074 Merge pull request #10004 from gilles-peskine-arm/doc-threading-needed-by-psa-3.6 
Backport 3.6: Document PSA's need for threading
 2025-03-14 03:51:52 +00:00
David Horstmann
235dfc2b8c Add note about MBEDTLS_PRIVATE() in 3.6 
Note that in the Mbed TLS 3.6 LTS, users can generally rely on being
able to access struct members through the MBEDTLS_PRIVATE() macro, since
we try to maintain ABI stability within an LTS version.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2025-03-13 17:01:35 +00:00
David Horstmann
cd5053465a Fix typos in the 3.0 migration guide 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2025-03-13 17:01:35 +00:00
Gilles Peskine
ba4f16691c Merge pull request #10058 from gilles-peskine-arm/mbedtls_net_send-api-desc-tweak-3.6 
Backport 3.6: mbedtls_net_send API description typo fix
 2025-03-13 16:29:57 +00:00
Bence Szépkúti
b22247b85b Merge pull request #10043 from Mbed-TLS/msvc-format-size-macros-3.6 
[Backport 3.6] Fix preprocessor guards for C99 format size specifiers
 2025-03-13 10:09:13 +00:00
Noah Pendleton
b05b3b19d7 mbedtls_net_send API description typo fix 
Signed-off-by: Noah Pendleton <noah.pendleton@gmail.com>
 2025-03-13 10:32:27 +01:00
Gilles Peskine
3dbe333ab0 Merge pull request #10051 from Vge0rge/key_id_range_backport 
PSA core: Allow enabling one volatile/builtin key
 2025-03-13 09:27:12 +00:00
Manuel Pégourié-Gonnard
5b114163e4 Merge pull request #10056 from minosgalanakis/feature_merge_defragmentation_36 
Merge defragmentation feature branch onto 3.6
 2025-03-13 08:36:11 +00:00
Bence Szépkúti
c64b7bc664 Use an array of strings instead of pointer smuggling 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-03-12 19:12:44 +01:00
Bence Szépkúti
a029387d1b Use dummy typedef instead of macro 
Use a dummy definition of mbedtls_ms_time_t in builds without
MBEDTLS_HAVE_TIME.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-03-12 17:28:30 +01:00
Bence Szépkúti
f525505886 Clarify changelog 
Remove mention of the shipped .sln files, as those are planned to be
removed from Mbed TLS.

Clarify the affected CRT headers.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2025-03-12 17:28:30 +01:00
Minos Galanakis
51668e5249 Updated framework pointer. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-12 15:22:27 +00:00
Minos Galanakis
104bd06826 Merge remote-tracking branch 'origin/features/tls-defragmentation/3.6' into feature_merge_defragmentation_36 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-12 15:21:56 +00:00
Manuel Pégourié-Gonnard
26932b811b Merge pull request #10055 from gilles-peskine-arm/tls-defragment-doc-3.6 
Backport 3.6: Document the limitations of TLS handshake message defragmentation
 2025-03-12 13:00:23 +01:00
Gilles Peskine
a7c020d6cb Update the location of defragmentation limitations 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-12 10:55:48 +01:00
Gilles Peskine
858900656e State globally that the limitations don't apply to DTLS 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-12 10:55:47 +01:00
Gilles Peskine
bc0255592f Clarify DTLS 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-12 10:55:11 +01:00
Gilles Peskine
c3af2f48c4 ClientHello may be fragmented in renegotiation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-12 10:55:11 +01:00
Gilles Peskine
494e4943b5 Move the defragmentation documentation to mbedtls_ssl_handshake 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-12 10:55:10 +01:00
Gilles Peskine
1933932e55 Refer to the API documentation for details 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-12 10:53:11 +01:00
Gilles Peskine
b5ccd32390 Document the limitations of TLS handshake message defragmentation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-12 10:53:11 +01:00
Gilles Peskine
d3b3c6740f More generally, what needs psa_crypto_init also needs threading 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-11 14:45:54 +01:00
Manuel Pégourié-Gonnard
579f91ad44 Merge pull request #10046 from mpg/fix-defrag-interleave-3.6 
Fix defrag interleave 3.6
 2025-03-11 12:38:21 +01:00
Georgios Vasilakis
d5e64f71db PSA core: Allow enabling one volatile/builtin key 
The current impelementation asserts if the user
sets MBEDTLS_PSA_KEY_SLOT_COUNT to one or if they
limit their builtin range to one key.

This removes the requirement and allows for only
one key volatile/builtin to be enabled.

Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>
 2025-03-11 09:37:29 +01:00
Manuel Pégourié-Gonnard
8a4ec49671 Cleanly reject non-HS in-between HS fragments 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-03-10 21:38:48 +01:00